Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
04.28 04:04
Purchase Order.pdf.msc
04.28 02:04
setup.exe
04.28 02:04
2025416-方案1-方案細節.pdf.lnk
04.28 10:04
Distribution Document....
04.28 10:04
pik.ps1
04.28 10:04
123.hta
04.28 10:04
verify-sec
04.28 10:04
nums.vbs
04.28 10:04
op.exe
04.28 10:04
cred.dll

Latest News
04.28 07:04
Top Tier Target | What...
04.28 07:04
한드림넷, ‘재팬IT위크’에 일본시장 특...
04.28 07:04
TDK Adds Risk Scenario...
04.28 06:04
기원테크, 제네바 ITU-T 국제무대서 ...
04.28 06:04
쿠도커뮤니케이션, ‘2025 Netsko...
04.28 06:04
사이버아크, 모든 환경에서 워크로드를 보...
04.28 06:04
카스퍼스키, 업계 최대 글로벌 성능 테스...
04.28 06:04
WooCommerce Users Targ...
04.28 06:04
IT Sicherheitsnews tae...
04.28 06:04
Samsung: Android-Smart...

Summary | ZeroBOX

1.exe

Generic Malware Malicious Library UPX PE64 PE File OS Processor Check

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 28, 2025, 8:59 a.m.	April 28, 2025, 9:08 a.m.

Size	1.7MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`066983c36f15fa3d564e871381bcc7d4`
SHA256	`28e949b7af56928a6e4ba885b542a375a2cedde8e54807c04330d688b6176c29`
CRC32	`20ADBE03`
ssdeep	`24576:3FLfAfgVNpNPsTQu2F9NpvOg6fEb6jZIaYcr66KyRZpwrTQKXZ242gzk8lu:ZegVNpNUTcJmEAIur66SrjIn8`
PDB Path	D:\a\1\s\exe\x64\Release\WinObj64.pdb
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

1.exe "C:\Users\test22\AppData\Local\Temp\1.exe"
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

D:\a\1\s\exe\x64\Release\WinObj64.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	.detourc
section	.detourd
section	_RDATA

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	AFX_DIALOG_LAYOUT
resource name	INI

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ April 28, 2025, 8:59 a.m.	stacktrace: 1+0x58522 @ 0x13f278522 1+0x57c19 @ 0x13f277c19 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: ff 15 30 e1 08 48 89 5c 24 08 57 48 83 ec 20 48 exception.symbol: 1+0x58522 exception.instruction: call qword ptr [rip + 0x4808e130] exception.module: 1.exe exception.exception_code: 0xc0000005 exception.offset: 361762 exception.address: 0x13f278522 registers.r14: 0 registers.r15: 0 registers.rcx: 48 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1900336 registers.r11: 514 registers.r8: 1898904 registers.r9: 1898960 registers.rdx: 8796092887632 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 133903031747031250 registers.r13: 0	1	0	0

File has been identified by 3 AntiVirus engines on VirusTotal as malicious (3 events)

Kaspersky	HEUR:Trojan.Win32.Generic
Rising	Trojan.Generic!8.C3 (CLOUD)
McAfeeD	ti!28E949B7AF56